Vulnerabilities > Untangle > NG Firewall > 14.2.0

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-18649 Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
network
untangle CWE-79
3.5
3.5
2019-11-14 CVE-2019-18648 Cross-site Scripting vulnerability in Untangle NG Firewall 14.2.0
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
network
untangle CWE-79
3.5
3.5
2019-11-14 CVE-2019-18647 Command Injection vulnerability in Untangle NG Firewall 14.2.0
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
network
low complexity
untangle CWE-77
critical
 9.0
9.0
2019-11-14 CVE-2019-18646 SQL Injection vulnerability in Untangle NG Firewall 14.2.0
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
network
low complexity
untangle CWE-89
6.5
6.5